ERATOSTHENES

IoT Trust and Identity Management Framework

About

ERATOSTHENES aims to solve critical obstacles, considering “Security of Things” as core to the future success of IoT. The project envisions developing a decentralized and contextual Trust and Identity Management Framework for resource-restricted IoT environments following a self-sovereign approach. The project intends to enable the automated lifecycle monitoring of devices, strengthening trust, identities, and resilience in the entire IoT ecosystem, and supporting the enforcement of the NIS Directive, GDPR, and the Cybersecurity Act.

Concept

ERATOSTHENES will leverage a series of breakthrough solutions:

The first-ever enclosure of cybersecurity features in IoT devices through the deployment of the Trust Agents and continuous trust evaluation within the network in a contextual and social approach.

Decentralized identity management mechanisms to reconcile the requirements of self-sovereignty and privacy preservation in a distributed and transparent trust model, along with disposable identities.

Self-encryption/decryption at device level, with an automated recovery process after an attack based on a multi-layer recovery model.

Threat-analysis models based on federated learning and edge execution to continuously monitor devices, proactively assess threats and weaknesses, and detect attacks.

Collaborative IoT threat intelligence sharing across ledgers to adapt detection and defence mechanisms to the evolving security conditions and assist the IoT lifecycle.

Objectives

The ERATOSTHENES project will:

1. Design a Trust Framework and a Reference Architecture to ensure end-to-end trust and identity management in distributed IoT networks, suited for resource-restricted environments and for critical and industrial applications.

2. Design and develop a lightweight, distributed, and dynamic Trust Manager to enhance the trust in large-scale distributed networks of heterogeneous IoT devices, covering each layer and cross-layer of the network.

3. Design a decentralised, scalable, efficient and privacy-preserving IoT identity management to reconcile the requirements of self-sovereignty and privacy preservation in a distributed, interoperable and transparent trust model, including self-encryption/decryption schemes and IoT identity recovery.

4. Build the lifecycle management and the overall governance layer of the trust network on novel Distributed Ledger Technologies and a hybrid consensus protocol. Implement Smart Contracts for enforcing access policies and sharing trustworthiness within the network, guaranteeing their transparency, integrity, authenticity, and authority. Design Inter-ledger Cyber-Threat Information Sharing and automated Recovery Solutions based on a multi-layer approach.

5. Integrate and validate the approach through real-world pilots to assess its effectiveness, and organize hands-on training through realistic cybersecurity exercises.

6. Deliver knowledge via dissemination and capacity building, supporting the enforcement of the Cybersecurity Act and standardization activities, and build a robust exploitation plan and market positioning.

Pilots

The project has identified three pilots, which will be exploited to establish and validate the readiness level of ERATOSTHENES by extensively deploying it in real-world scenarios. The aim is to test it in realistic and versatile operational environments.

Pilot 1: Connected Vehicles

The first pilot will explore several attack scenarios during the implementation of the ERATOSTHENES framework in connected vehicles, investigating the interaction between vehicles (V2V) and the interactions between a vehicle and road infrastructure (V2I/I2V). The connected vehicle is an integrated part of more extensive IoT deployments where multiple infrastructures are also intelligent objects, such as vehicle detection loops installed near a traffic light, traffic signals, toll collection systems, parking management, or electrical charging stations. This pilot will validate the ERATOSTHENES framework through several scenarios covering both V2I and V2V concepts. For example, it will assess the case where a vehicle communicates through an OBU with a roadside infrastructure device (traffic light) while another vehicle fitted with an OBU is nearby, sending conflicting/malicious-intent messages.

Pilot 2: Smart Health

The second pilot will validate the ERATOSTHENES framework in the smart health world by deploying its Trust Agents in the patient monitoring product of Tellu. The implementation aims to transform the product from a closed remote patient monitoring service to an open platform for home assistance, enabling the healthcare gateways to collect data not only from the standard IoT devices distributed by the operator but also from the patient’s own devices in a secure and safe manner.

Pilot 3: Disposable IDs in Industry 4.0

One minute of downtime in automotive production can result in a cost of USD 22.000. An hour of downtime can cause damage of 1.3 million USD. The third pilot aims to increase security by design in industrial IoT networks and communication. It will demonstrate the efficacy of the ERATOSTHENES framework in such environments by introducing novel approaches to IoT Asset Identification and disposable IDs to identify trustworthy entities in communication networks. The system will showcase a level of trust and resilience in industrial communication networks to prevent, defend against and isolate malicious attackers hiding or faking their true identities.

Consortium

Universities: 30%
RTOs: 7%
Specialised and innovative SMEs: 35%
Worldwide leading companies: 28%

Project Partners
